MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc319be00b3ac7727f2b7d55b532899be8518b2fe69588cf23e4c8e34b139155. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc319be00b3ac7727f2b7d55b532899be8518b2fe69588cf23e4c8e34b139155
SHA3-384 hash: 7671b5b4e9d8aef7b658cc7a28b37c5f1d88cb8dbad65f1863085ba51373fb2f3abb4f60cd1d4c7b9982b7e25a9513f9
SHA1 hash: 14796247f688b312561893955c2255aefa38ffc9
MD5 hash: 95033406f9719a72e37ab1dc499bff86
humanhash: alanine-utah-cold-kentucky
File name:file
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:5'656'064 bytes
First seen:2022-11-27 16:37:55 UTC
Last seen:2022-11-27 18:31:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f76d9b0ded8bf677478f7fdebaef8c1d (2 x LaplasClipper)
ssdeep 98304:i1uzvaiQ1TMcEGVxw8YGGagQzR0GFxhkdTG+xqWWU5TV+K2mRXtJg:wiQ1TF12mzRrdkBrwK2I9C
Threatray 1'047 similar samples on MalwareBazaar
TLSH T1554623A353102358E0D6CCB94533BFB3B1F7056A89829C756EAD3EC939225D5D70BA0B
TrID 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon f4f0e0e0e0e4e2dc (1 x LaplasClipper)
Reporter jstrosch
Tags:exe LaplasClipper

Intelligence

File Origin
# of uploads :
2
# of downloads :
185
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2022-11-27 16:40:17 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/676a95fa-0ea4-4f11-adcf-251128092cd6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/339084/
Detection(s):
SecuriteInfo.com.Win32.TrojanX-gen.9581.5269.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Sending a custom TCP request
Running batch commands
Launching a process
Creating a file
Searching for the window
Creating a process from a recently created file
Enabling autorun by creating a file
Sending an HTTP GET request to an infection source
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6383926d94f9bac087b38655/reports/59199788-518e-4840-af0d-7e6827cbced3/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c2f67ba0-8692-4323-94b4-e39c2bb59db5
Result
Threat name:
Laplas Clipper
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1121978
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Snort IDS alert for network traffic
Tries to detect virtualization through RDTSC time measurements
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Laplas Clipper
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 754695 Sample: file.exe Startdate: 27/11/2022 Architecture: WINDOWS Score: 80 25 Snort IDS alert for network traffic 2->25 27 Multi AV Scanner detection for submitted file 2->27 29 Yara detected Laplas Clipper 2->29 31 2 other signatures 2->31 7 file.exe 2 2->7         started        11 IePNByzuQZ.exe 1 2->11         started        process3 dnsIp4 21 C:\Users\user\AppData\...\IePNByzuQZ.exe, PE32 7->21 dropped 33 Tries to detect virtualization through RDTSC time measurements 7->33 14 cmd.exe 1 7->14         started        23 185.223.93.251, 49700, 80 HOSTING-SOLUTIONSUS Netherlands 11->23 file5 signatures6 process7 signatures8 35 Uses schtasks.exe or at.exe to add and modify task schedules 14->35 17 conhost.exe 14->17         started        19 schtasks.exe 1 14->19         started        process9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc319be00b3ac7727f2b7d55b532899be8518b2fe69588cf23e4c8e34b139155/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2022-11-27 16:38:35 UTC
File Type:
PE (Exe)
Extracted files:
31
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zqyzxyalhldxe7zlpvk3kmujtpufdczp42kyrtzd4teogsytsfkq._file
Verdict:
malicious
Similar samples:
1ed5934c95292cf6d732ae068e1ef5e5c057088b199031e8be45eaf26a475c67
LaplasClipper
28c1edc4fa9f29fde994540cd25402fd47d46404eb1ebbfc0fc0a245bf03bd04
LaplasClipper
354ff86b7dccc955b7ce0239141ef93f4aee741f48cd02e2c3341e711f1bf370
LaplasClipper
35914984b758d4dea8f6f8557f42b49a5ff64909a7a90fe3aea3f587ad8fd505
LaplasClipper
46878cf16c919445a9e5ada3ff03ca3465c03323a3e8b31c2de38eae1c9259e4
LaplasClipper
4e73230986aab0ad40dbd475ca56fe0f207ff5d935f766a46cd4675e6bc27229
LaplasClipper
9b840af943adcc49d4f8cfa535551c2e69957e5278221f9c5284384d4274f361
LaplasClipper
+ 1'037 additional samples on MalwareBazaar
Result
Malware family:
laplas
Create hunting rule
Score:
  10/10
Tags:
family:laplas stealer
Link:
https://tria.ge/reports/221127-t5dqqscb25/
Behaviour
Creates scheduled task(s)
GoLang User-Agent
Suspicious use of WriteProcessMemory
Executes dropped EXE
Laplas Clipper
Malware Config
C2 Extraction:
185.223.93.251
Gathering data
Unpacked files
SH256 hash:
76e7c4de82013fa7846ec210a633251fb736cca5d3fa3dfebe9108cc50e92a1d
MD5 hash:
16b90c6402a91b386cf18b7c5cfeea97
SHA1 hash:
e3cb15b6e148ee184cecae70a1f0c86607978e03
Link:
https://www.unpac.me/results/2977545f-c3aa-4843-939e-529582913f3c/
SH256 hash:
cc319be00b3ac7727f2b7d55b532899be8518b2fe69588cf23e4c8e34b139155
MD5 hash:
95033406f9719a72e37ab1dc499bff86
SHA1 hash:
14796247f688b312561893955c2255aefa38ffc9
Link:
https://www.unpac.me/results/2977545f-c3aa-4843-939e-529582913f3c/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/cc319be00b3a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.19
Link:
https://yomi.yoroi.company/submissions/cc319be00b3ac7727f2b7d55b532899be8518b2fe69588cf23e4c8e34b139155

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe cc319be00b3ac7727f2b7d55b532899be8518b2fe69588cf23e4c8e34b139155

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2428357/
Cape
Cape
https://www.capesandbox.com/analysis/339084/

Comments